Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/paramiko@2.3.3

Type pypi

Namespace

Name paramiko

Version 2.3.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-ywwc-ptfp-97cg

vulnerability_id

VCID-ywwc-ptfp-97cg

summary

paramiko: Paramiko: Data integrity could be compromised due to SHA-1 algorithm use

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44405.json

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44405.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-44405

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00208
published_at	2026-06-05T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00303
published_at	2026-06-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0031
published_at	2026-06-06T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00304
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-44405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44405

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/paramiko/paramiko

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/paramiko/paramiko

reference_url

https://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e851dbb

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:54:08Z/

url

https://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e851dbb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-44405

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-44405

reference_url

https://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP_paramiko-security-audit_v1.1.pdf

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:54:08Z/

url

https://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP_paramiko-security-audit_v1.1.pdf

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135907
reference_id	1135907
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135907

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2466929
reference_id	2466929
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2466929

reference_url

https://github.com/advisories/GHSA-r374-rxx8-8654

reference_id

GHSA-r374-rxx8-8654

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r374-rxx8-8654

fixed_packages

aliases

CVE-2026-44405, GHSA-r374-rxx8-8654

risk_score

1.6

exploitability

0.5

weighted_severity

3.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ywwc-ptfp-97cg

Fixing_vulnerabilities

url VCID-qrh9-bxde-fqau

vulnerability_id VCID-qrh9-bxde-fqau

summary Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

references

reference_url

https://access.redhat.com/errata/RHBA-2018:3497

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2018:3497

reference_url

https://access.redhat.com/errata/RHSA-2018:3347

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3347

reference_url

https://access.redhat.com/errata/RHSA-2018:3406

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3406

reference_url

https://access.redhat.com/errata/RHSA-2018:3505

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3505

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000805.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000805

reference_id

reference_type

scores

value	0.00905
scoring_system	epss
scoring_elements	0.76125
published_at	2026-06-08T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.76118
published_at	2026-06-04T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.76144
published_at	2026-06-05T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.76145
published_at	2026-06-06T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.76137
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000805

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-f2j6-wrhh-v25m

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-f2j6-wrhh-v25m

reference_url

https://github.com/paramiko/paramiko

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/paramiko/paramiko

reference_url

https://github.com/paramiko/paramiko/issues/1283

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/paramiko/paramiko/issues/1283

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml

reference_url

https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt

reference_url

https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html

reference_url

https://usn.ubuntu.com/3796-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3796-1

reference_url	https://usn.ubuntu.com/3796-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3796-1/

reference_url

https://usn.ubuntu.com/3796-2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3796-2

reference_url	https://usn.ubuntu.com/3796-2/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3796-2/

reference_url

https://usn.ubuntu.com/3796-3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3796-3

reference_url	https://usn.ubuntu.com/3796-3/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3796-3/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1637263
reference_id	1637263
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1637263

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910760
reference_id	910760
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910760

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000805

reference_id

CVE-2018-1000805

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000805

reference_url	https://access.redhat.com/errata/RHSA-2018:3470
reference_id	RHSA-2018:3470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3470

fixed_packages

url pkg:pypi/paramiko@2.0.9

purl pkg:pypi/paramiko@2.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ywwc-ptfp-97cg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.0.9

url pkg:pypi/paramiko@2.1.6

purl pkg:pypi/paramiko@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ywwc-ptfp-97cg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.1.6

url pkg:pypi/paramiko@2.2.4

purl pkg:pypi/paramiko@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ywwc-ptfp-97cg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.2.4

url pkg:pypi/paramiko@2.3.3

purl pkg:pypi/paramiko@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ywwc-ptfp-97cg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.3.3

url pkg:pypi/paramiko@2.4.2

purl pkg:pypi/paramiko@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ywwc-ptfp-97cg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.4.2

aliases CVE-2018-1000805, GHSA-f2j6-wrhh-v25m, PYSEC-2018-69

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrh9-bxde-fqau

Risk_score 1.6

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.3.3

Package Instance